System and method for cross platform document sharing

ABSTRACT

This invention discloses a novel system and method for automatically managing the movement of document files from a first document storage sub-system to a second document storage sub-system, tracking such movement and applying security policies before the movement is completed.

PRIORITY CLAIM

This application claims priority as a non-provisional application to U.S. Provisional Application No. 62/213,611, filed on Sep. 2, 2015, a non-provisional application to U.S. Provisional Application No. 62/211,848 filed on Aug. 30, 2015 and as a continuation in part to U.S. patent application Ser. No. 13/333,605 filed on Dec. 21, 2011, and all of which are hereby incorporated by reference in their entireties.

FIELD OF INVENTION

The present invention generally relates to the field of document data file management, data security applied to such data files and data file communication by and among computer systems. In one embodiment, the invention operates on a system comprised of at least one local computer operated by a user, a server system operating the Workshare server and at least one server operating a corresponding third party Saas document sharing platform, whereby the local computer and the servers are in communication using a data network.

BACKGROUND

In the past most document sharing was done via email but in recent years' users have seen the benefits derived from sharing documents in online shared containers and sought to have content being synchronised between these containers and their own computers and mobile devices. This market shift has led to a large number of File Sharing, File Synchronization and Collaboration systems designed to make collaboration easier and for files to be synchronised to wherever a user might want to consume them. The fact that there is not one dominant vendor or technology in this space, but a large number of different vendors and different technological platforms has lead to a number of problems when two organizations that use two different solutions wish to communicate or share documents. They end up relying on inferior technology that both organizations happen to have available—not the platforms that they use internally. This introduces inconveniences like lost document versions, version conflicts, vulnerabilities to security and the like. Therefore, there is a need for a computer system and method of operating computer systems that is an agnostic and consolidated technical solution for document storage, sharing and communication that provides productivity gains for users, and control and risk reduction for organisations by permitting such uses across multiple platforms.

The problem of multiple document sharing platforms can be considered from four perspectives:

Content Producer: The modern information professional (someone who produces documents for a living) is being faced with an ever increasing number of SaaS (Software as a Service) based (cloud) systems for storing and sharing documents. These systems include onsite or cloud based enterprise collaboration applications, traditional secure document repositories, home grown Intranet sites and an ever increasing number of modern cloud based SaaS file sharing systems. In a professional service context, often the choice of which system to use is not governed by the content producer, but by his client (the content consumer). As a result, users are required to work across many of these systems on a daily basis.

Content Consumer: From the client's (i.e. the content consumer) perspective, the problem is the same. Unless they are able to mandate that all their content producing counterparts use the same system as they do for file sharing and collaboration (which is unlikely) they are faced with the same dilemma. This example is well illustrated by the challenges corporate counsels face when dealing with multiple law firms and multiple stakeholders internal to the organization. Getting everyone to use the same document storage, sharing management and transmission system is often an impossibility. As a result of the administrative burden this imposes, typically users revert to the lowest common denominator—email with attachments.

Information Governance perspective: The situation above is a nightmare for those charged with data loss prevention and ensuring that information access policy is adhered to. For example, an organization might have a policy that no hidden information found inside documents (for example, metadata) should accidently leave the organization. This organization might have taken measures to ensure this level of protection over files being exchanged in email, but has an ever increasing gaping hole when it comes to SaaS based file sharing systems (which due to their simplicity and mass adoption are often the client's choice). Additionally, the organization (either of the content producers or content consumers) might have invested in an Enterprise Content Management system. In this case, the organisational goal will be to ensure that all content is stored in their chosen ECM/DMS system instead of being distributed in an ever increasing number of external systems.

Market perspective: The number of Enterprise File Sharing Systems is increasing rapidly. The market research firm Gartner Group tracked about 170 companies. Dominant incumbent vendors all have offerings competing against new highly funded startuipvendors and there is a plethora of specialist vendors who provide a unique value proposition over and above basic file sharing—product like Workshare's Transact™are examples of applications that deliver file sharing in a unique way, aligned with the use cases in the markets in which they operate. Different vendors are taking different approaches to compete. Some SaaS vendors have made available their up their proprietary application programming interface protocols (APIs) to position themselves as platforms whereas others have doubled down on their unique proprietary technology to deliver narrow products and services. Prices are being squeezed and as a result, there is a race to the bottom in terms of prices for data storage. There needs to be a way of working across the boundaries around these systems, effortlessly and safely.

DESCRIPTION OF THE FIGURES

The headings provided herein are for convenience only and do not necessarily affect the scope or meaning of the claimed invention. In the drawings, the same reference numbers and any acronyms identify elements or acts with the same or similar structure or functionality for ease of understanding and convenience. To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the Figure number in which that element is first introduced (e.g., element 101 is first introduced and discussed with respect to FIG. 1).

FIG. 1 shows the basic architecture of the invention.

FIG. 2 shows the workflow where a user uploads a file from the document management system to a third party SaaS system.

FIG. 3 shows the workflow where a user uploads a file saved from their local computer or from the Workshare system to a third party system.

FIG. 4 shows the workflow where the system receives a link to the file from on the third party document management system and the file is transferred to the user's device for editing.

FIG. 5 shows the workflow where the user downloads the file from an external source.

FIG. 6 shows the workflow where the user uploads the file from file storage.

DETAILED DESCRIPTION

Various examples of the invention will now be described. The following description provides specific details for a thorough understanding and enabling description of these examples. One skilled in the relevant art will understand, however, that the invention may be practiced without many of these details. Likewise, one skilled in the relevant art will also understand that the invention can include many other features not described in detail herein. Additionally, some well-known structures or functions may not be shown or described in detail below, so as to avoid unnecessarily obscuring the relevant description. The terminology used below is to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific examples of the invention. Indeed, certain terms may even be emphasized below; however, any terminology intended to be interpreted in any restricted manner will be overtly and specifically defined as such in this Detailed Description section.

The invention is a computer system and computer operated process that provides an agnostic and consolidated position between all of these other systems to provide productivity gains for users and control and risk reduction for organisations. In one embodiment of the invention, FIG. 1, a system interfaces with each of these other type of document systems and services in order to manage the interaction between them. Referring to FIG. 1, a user of the system embodying the invention, 101, can search or select a file from a variety of locations with increasing complexity. For example, network storage (102), a file sharing SaaS system (103) or a document management system (DMS) (104). The user can then request that the invention route the file to an external location, (106), which may be a external file sharing Saas, transmission by email or even using web services for file transmission. Likewise, the system may receive a file from one of these external data sources (107). That received file may be forwarded on by the invention to any of the data storage locations (102), (103), (104). In the meantime, the movement of the file is transaction data stored in a database accessed by the invention (108). That database (109) in one embodiment stores a data record that corresponds to the document that may include security policy data. In addition, that file may be related to a data record for the user (110). The invention provides the ability to receive security protocols that can be associated with a user (111). Likewise, the database (108) can be used to generate an audit report on use of a file or use of the system by the user (112).

The Benefit to the user:

-   -   Regardless of the file sharing systems they use; all files are         available to them in a central location. This gives users the         advantage of being able to benefit from the value delivered by         any of the file sharing systems yet the confidence to know that         all their files are easily accessible to them outside of any of         those systems     -   Users are able to organize their files as they like yet publish         them into the organisational paradigms found in file sharing         systems. For example, the user might order their files and         folders by Client, Project and Status whereas the client might         organize the file sharing system (which both parties are using)         very differently (by department, provider or project milestone).         The invention maintains data structures that for a given         document, map between these two different ways of organising         files thus making this distinction transparent to the user. The         invention uses the mapping so that the user's applicable         parameters present a FileOpen dialog where selection of the file         is in accordance with the user's preferred organization. When         the invention delivers the file to an external destination, the         mapping is used by the invention to input the appropriate         parameters defining the metadata of the document into the         destination context.     -   Users can easily publish files to a third party system and then         re-publish them as they evolve the same way because the         invention maintains data structures that for each document track         where the document was published. This is very advantageous when         one document file might be published to more than one document         sharing system because the invention automatically updates all         systems where a version of a file is being shared.     -   Users can accurately and quickly understand what is different         between documents as they evolve through their versions. In one         embodiment, Workshare's™ document comparison software is         utilized by the invention to automatically show users exactly         what changed between versions of a document file.

Benefits to the organisation:

-   -   Risk is reduced as all document files that are uploaded to file         sharing systems are processed through the system that operates a         document policy system which can remove hidden information or         block the upload/sharing of files if inappropriate     -   Record all events where files are uploaded (which file, when, by         whom and to where). Suspicious activity can then be tracked and         reported on. This provides a central location to obtain document         use auditing.     -   Retain information as copies of files uploaded are retained and         accessible centrally without having to go into each of the         system those files where uploaded to.

To accomplish this product proposition, the system and its operation has to provide several functionalities:

-   -   1. A way to participate in the upload and download of files to         and from any number of SaaS based file sharing applications     -   2. A policy based system which inserts itself between such an         upload or download     -   3. Deep integrations into incumbent ECM/DMS systems     -   4. Most importantly, a user interface which users prefer to use         over and above what they get from using a browser to access SaaS         based file sharing tools. Key to accomplishing the last task is         to not in any way reduce the offering of the SaaS vendor but         provide additional functionality and control to the user on top         of the experience delivered

The invention essentially participates in the upload and download of files from the user's computer (or an incumbent ECM/DMS system the user is using) to one or more SaaS based 3rd party systems or internal systems that the organization uses. By user computer, a desktop, laptop, tablet or smartphone may be used. To accomplish this, the user operates an application that embodies the invention (referred to as the Workshare App) which provides access to 3rd party SaaS application and provides enhanced functionality to upload and download files from the user's computer (or a DMS system the user is using) to and from the 3rd party system or the organization's internal systems. See FIG. 2.

To illustrate how this works, consider the following workflow where a user would like to upload a file from their DMS to a 3rd party, external SaaS system (See FIG. 4):

-   -   1. User opens the Workshare App and navigates to the SaaS file         sharing folder where the file is to be uploaded.     -   2. User clicks ‘Upload’ which is a standard Upload button         rendered in the page received from the SaaS provider.     -   3. Instead of being presented with a standard File Open dialog         box, the invention intercepts that process step and instead the         user is presented with a Workshare File Open dialog which could         render any of the following:         -   a. A file selector of all known files for the user.         -   b. An DMS File Open dialog for the user to search for the             file they want to upload within the DMS used by the user.         -   c. A standard File Open dialog to select a file from their             file system on their computer device.     -   4. The user selects the file to upload.     -   5. Before the file (or a pointer to it) is actually passed to         the external Saas application, the Workshare App runs a policy         check against the file and preforms any policy actions required,         which might include:         -   a. Converting the file to another format (for example, Word             to PDF).         -   b. Removing hidden metadata, comments or other confidential             information from the file.         -   c. Redacting or modifying the file in some way to remove or             obscure confidential information.         -   d. Blocking the upload based on metadata attributes or             context derived from the DMS system which prohibits this             file from being transmitted outside the organization's             perimeter.     -   6. After the policy checks are preformed, the file (or a pointer         to it) is handed to the external SaaS application which then         dutifully uploads the document data file to whichever         destination folder location was selected.     -   7. The whole transaction may be tracked by the Workshare App, so         a record of this user uploading this file, at this time, from         this source, to this destination can be recorded in one or both         of a local database and pushed to the Workshare Cloud Services         APIs:         -   a. This information can be used for subsequent reporting or             auditing.         -   b. Additionally, this information will be stored in order to             be used to provide remembered context for the user, so—for             example—the invention remembers where files have been             published to so any subsequent edits made to the local copy             of the same document file can be easily re-published. The             user can also override this saved context.

In yet another embodiment of this invention, a custom web browser may be used with a computer system that implements advance file selection dialogs with DMS and policy integration. This may be built using open source code from a typical web browser. An implementation of this strategy using Chromium Extension Framework™ is described in more detail below.

In yet another embodiment of this invention uses customized file selection dialog boxes in the user interface that are integrated into an existing web browser either via a browser addin or an extension or by customization at a lower level (for instance selectively replacing or modifying the operating system file selection dialogs).

A further embodiment of the invention would be an application that uses the public APIs of various 3rd party SAAS providers and rendering the information received via those APIs to show a representation of the files and or folders available to the user within the SAAS service. See FIG. 1. The distinction of this embodiment is that the rendering of the available content to the user is not performed by showing web pages originating from the SaaS provider within a web browser or web browser-like program. See FIG. 3.

The key to the process outlines above is that because the pages from the 3rd party SaaS application are being contained in the Workshare App, which is able to provide a different File Open and File Save function to which a standard browser rendering the same pages would provide. The SaaS application or other 3^(rd) party system is none the wiser—there is no specific integration between the Workshare App and the SaaS provider, it is simply that the JavaScript on the page is delegating the task of providing the file to the browser yet it is the Workshare Apps own implementation of this file selection function that is executed.

The key workflow can be summarized to the following:

-   -   1. User initiates an upload process, but instead of the normal         web-browser response, Workshare App intercepts to provide the         response.     -   2. User selects the file from whichever source, using a dialog         provided by another system (DMS system for example).     -   3. The Workshare App process runs a security protocol on the         file (or files) before passing the file (or its pointer) to the         calling application, for example, the web-browser.

One embodiment of the invention is composed of Chromium Extension Framework (CEF) which is an open source version of the Chrome browser. This may be packaged as part of the Workshare App. In one embodiment, the invention is sub-classing CefDialogHandler which is detailed here, which is incorporates by reference the following software documentation: http://magpcss.org/ceforum/apidocs3/projects/(default)/CefDialogHandler.html CefDialogHandler is a class used to handle user interface dialog events. The methods of this class will be called on the browser process user interface thread. The class has a method OnFileDialog, depicted below:

public virtual bool OnFileDialog(CefRefPtr<CefBrowser>browser, CefDialogHandler::FileDialogMode mode, const CefString& title, const CefString& default_file_path, const std::vector<CefString>& accept_filters, int selected_accept_filter, CefRefPtr<CefFileDialogCallback>callback);

The method is called to run a file chooser dialog. |mode| represents the type of dialog to display. |title| is the title to be used for the dialog and may be empty to show the default title (“Open” or “Save” depending on the mode). |default_file_path| is the path with optional directory and/or file name component that should be initially selected in the dialog. |accept_filters| are used to restrict the selectable file types and may any combination of (a) valid lower-cased MIME types (e.g. “text/*” or “image/*”), (b) individual file extensions (e.g. “.txt” or “.png”), or (c) combined description and file extension delimited using “|” and “;” (e.g. “Image Types|.png;.gif;.jpg”). |selected_accept_filter| is the 0-based index of the filter that should be selected by default. To display a custom dialog, return true and execute |callback| either inline or at a later time. To display the default dialog return false.

Implementing “CefDialogHandler::OnFileDialog” allows the invention to replace the default browser dialogs for “Open File” and “Save File”. This function allows the invention to show the Workshare file selector user interface and then return a single, or multiple, absolute local file name(s) that can then be uploaded or accessed in the usual way in the loaded web page or java script.

-   -   The preferred implementation of “CefDialogHandler::OnFileDialog”         gets called to handle an open file query (e.g. the method is         triggered by the user clicking on this html element: <input         type=“file”>). See FIG. 5.     -   For example, if a DMS is installed;         -   the application uses a the DovProvider calls to show an             “Open File” dialog to select a file from within the DMS.         -   the application saves a temporary copy of this file from the             DMS to the local file storage on the user computer operating             the Workshare App or a central server operating the             Workshare App that is being accessed by the user's device.     -   As a further example, the Workshare App is configured for         Workshare to supply a list of files         -   The system provides a dialog box and protocol to the user to             select a file         -   The system copies the selected file to a temp location     -   At this point the invention applies a security policy to this         temp local copy.     -   The invention returns from “CefDialogHandler::OnFileDialog” the         absolute local file name of this temp copy.     -   At this point execution has returned to the web page/JavaScript         which can now process the temp file as though it was manually         selected from the local file store in the first place.

A similar process may be used for file uploads, as depicted in FIG. 6. The same process may be used without an incumbent DMS. The process outlined above does not depend on their being a DMS system on the user's computer. In this case, the user would be offered files from their local computer, server or from a list of files they have stored in Workshare. All other parts of the workflow outlined above are still valid.

Using this method, the invention may be integrated for all of the above functionalities with any API based, client side (API installed on the user's computer) document management systems. Furthermore, the invention may be integrated to add both SaaS providers and client side API based systems to provide an ever growing mesh of integrations between each of these systems.

The invention stores data in its database The data that the invention stores in the database (109) may include the following fields for a transaction involving a document:

-   -   Source of uploaded document (i.e. an identifier which may         include one or more of: a service identifier such as DMS or         FileStore, a server identifier, a path or folder identifier, a         file name identifier and a version identifier).     -   A user identifier indicating who performed the upload.     -   Date and time of upload.     -   Size of the uploaded file.     -   The SaaS service that the file was uploaded to (note that this         is not a complete identifier of where on the SaaS platform the         file has been stored, just an identifier of which SaaS platform         was selected—this field may be just ‘service.net’ not         ‘service.net/user/123/folder/23456/file/1238972342’.

Additional information to be stored in the database might include:

-   -   A summary of metadata discovered in the document before upload.     -   Information on content policies triggered by the upload of the         document.     -   Full location information specifying the exact location of the         uploaded document.

However, full location information (i.e. a full URL to the place it was uploaded) may not be available at the time of upload, but may be deduced later (for instance by inspecting the SaaS platform contents using an appropriate API and the user's credentials and finding a file that matches the size and upload time).

In another embodiment, the system receives a link to the file on the third party DMS, and then automatically exercises the link to obtain the file. The file is transferred to the user's device for display or editing. When the user is finished, the database can save the revised file as a new version on its server. Alternatively, the server can run the file upload process to return the new version up to the third party DMS. In addition, the invention can run a comparison of the user's revised file with the obtained version.

Operating Environment: The system is typically comprised of a central server that is connected by a data network to a user's computer. The central server may be comprised of one or more computers connected to one or more mass storage devices. The precise architecture of the central server does not limit the claimed invention. Further, the user's computer may be a laptop or desktop type of personal computer. It can also be a cell phone, smart phone or other handheld device, including a tablet. The precise form factor of the user's computer does not limit the claimed invention. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, hand-held, laptop or mobile computer or communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The precise form factor of the user's computer does not limit the claimed invention. In one embodiment, the user's computer is omitted, and instead a separate computing functionality provided that works with the central server. In this case, a user would log into the server from another computer and access the system through a user environment.

The user environment may be housed in the central server or operatively connected to it. Further, the user may receive from and transmit data to the central server by means of the Internet, whereby the user accesses an account using an Internet web-browser and browser displays an interactive web page operatively connected to the central server. The central server transmits and receives data in response to data and commands transmitted from the browser in response to the customer's actuation of the browser user interface. Some steps of the invention may be performed on the user's computer and interim results transmitted to a server. These interim results may be processed at the server and final results passed back to the user.

The method described herein can be executed on a computer system, generally comprised of a central processing unit (CPU) that is operatively connected to a memory device, data input and output circuitry (IO) and computer data network communication circuitry. Computer code executed by the CPU can take data received by the data communication circuitry and store it in the memory device. In addition, the CPU can take data from the I/O circuitry and store it in the memory device. Further, the CPU can take data from a memory device and output it through the IO circuitry or the data communication circuitry. The data stored in memory may be further recalled from the memory device, further processed or modified by the CPU in the manner described herein and restored in the same memory device or a different memory device operatively connected to the CPU including by means of the data network circuitry. The memory device can be any kind of data storage circuit or magnetic storage or optical device, including a hard disk, optical disk or solid state memory. The IO devices can include a display screen, loudspeakers, microphone and a movable mouse that indicate to the computer the relative location of a cursor position on the display and one or more buttons that can be actuated to indicate a command.

The computer can display on the display screen operatively connected to the I/O circuitry the appearance of a user interface. Various shapes, text and other graphical forms are displayed on the screen as a result of the computer generating data that causes the pixels comprising the display screen to take on various colors and shades. The user interface also displays a graphical object referred to in the art as a cursor. The object's location on the display indicates to the user a selection of another object on the screen. The cursor may be moved by the user by means of another device connected by I/O circuitry to the computer. This device detects certain physical motions of the user, for example, the position of the hand on a flat surface or the position of a finger on a flat surface. Such devices may be referred to in the art as a mouse or a track pad. In some embodiments, the display screen itself can act as a trackpad by sensing the presence and position of one or more fingers on the surface of the display screen. When the cursor is located over a graphical object that appears to be a button or switch, the user can actuate the button or switch by engaging a physical switch on the mouse or trackpad or computer device or tapping the trackpad or touch sensitive display. When the computer detects that the physical switch has been engaged (or that the tapping of the track pad or touch sensitive screen has occurred), it takes the apparent location of the cursor (or in the case of a touch sensitive screen, the detected position of the finger) on the screen and executes the process associated with that location. As an example, not intended to limit the breadth of the disclosed invention, a graphical object that appears to be a 2 dimensional box with the word “enter” within it may be displayed on the screen. If the computer detects that the switch has been engaged while the cursor location (or finger location for a touch sensitive screen) was within the boundaries of a graphical object, for example, the displayed box, the computer will execute the process associated with the “enter” command. In this way, graphical objects on the screen create a user interface that permits the user to control the processes operating on the computer.

The invention may also be entirely executed on one or more servers. A server may be a computer comprised of a central processing unit with a mass storage device and a network connection. In addition a server can include multiple of such computers connected together with a data network or other data transfer connection, or, multiple computers on a network with network accessed storage, in a manner that provides such functionality as a group. Practitioners of ordinary skill will recognize that functions that are accomplished on one server may be partitioned and accomplished on multiple servers that are operatively connected by a computer network by means of appropriate inter process communication. In addition, the access of the web site can be by means of an Internet browser accessing a secure or public page or by means of a client program running on a local computer that is connected over a computer network to the server. A data message and data upload or download can be delivered over the Internet using typical protocols, including TCP/IP, HTTP, TCP, UDP, SMTP, RPC, FTP or other kinds of data communication protocols that permit processes running on two remote computers to exchange information by means of digital network communication. As a result a data message can be a data packet transmitted from or received by a computer containing a destination network address, a destination process or application identifier, and data values that can be parsed at the destination computer located at the destination network address by the destination application in order that the relevant data values are extracted and used by the destination application. The precise architecture of the central server does not limit the claimed invention. In addition, the data network may operate with several levels, such that the user's computer is connected through a fire wall to one server, which routes communications to another server that executes the disclosed methods.

The user computer can operate a program that receives from a remote server a data file that is passed to a program that interprets the data in the data file and commands the display device to present particular text, images, video, audio and other objects. The program can detect the relative location of the cursor when the mouse button is actuated, and interpret a command to be executed based on location on the indicated relative location on the display when the button was pressed. The data file may be an HTML document, the program a web-browser program and the command a hyper-link that causes the browser to request a new HTML document from another remote data network address location. The HTML can also have references that result in other code modules being called up and executed, for example, Flash or other native code.

Those skilled in the relevant art will appreciate that the invention can be practiced with other communications, data processing, or computer system configurations, including: wireless devices, Internet appliances, hand-held devices (including personal digital assistants (PDAs)), wearable computers, all manner of cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, mini-computers, mainframe computers, and the like. Indeed, the terms “computer,” “server,” and the like are used interchangeably herein, and may refer to any of the above devices and systems.

In some instances, especially where the user computer is a mobile computing device used to access data through the network the network may be any type of cellular, IP-based or converged telecommunications network, including but not limited to Global System for Mobile Communications (GSM), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Orthogonal Frequency Division Multiple Access (OFDM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Advanced Mobile Phone System (AMPS), Worldwide Interoperability for Microwave Access (WiMAX), Universal Mobile Telecommunications System (UMTS), Evolution-Data Optimized (EVDO), Long Term Evolution (LTE), Ultra Mobile Broadband (UMB), Voice over Internet Protocol (VoIP),or Unlicensed Mobile Access (UMA).

The Internet is a computer network that permits customers operating a personal computer to interact with computer servers located remotely and to view content that is delivered from the servers to the personal computer as data files over the network. In one kind of protocol, the servers present webpages that are rendered on the customer's personal computer using a local program known as a browser. The browser receives one or more data files from the server that are displayed on the customer's personal computer screen. The browser seeks those data files from a specific address, which is represented by an alphanumeric string called a Universal Resource Locator (URL). However, the webpage may contain components that are downloaded from a variety of URL's or IP addresses. A website is a collection of related URL's, typically all sharing the same root address or under the control of some entity. In one embodiment different regions of the simulated space have different URL's. That is, the simulated space can be a unitary data structure, but different URL's reference different locations in the data structure. This makes it possible to simulate a large area and have participants begin to use it within their virtual neighborhood.

Computer program logic implementing all or part of the functionality previously described herein may be embodied in various forms, including, but in no way limited to, a source code form, a computer executable form, and various intermediate forms (e.g., forms generated by an assembler, compiler, linker, or locator.) Source code may include a series of computer program instructions implemented in any of various programming languages (e.g., an object code, an assembly language, or a high-level language such as C, C++, C#, Action Script, PHP, EcmaScript, JavaScript, JAVA, or HTML) for use with various operating systems or operating environments. The source code may define and use various data structures and communication messages. The source code may be in a computer executable form (e.g., via an interpreter), or the source code may be converted (e.g., via a translator, assembler, or compiler) into a computer executable form.

The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer program and data may be fixed in any form (e.g., source code form, computer executable form, or an intermediate form) either permanently or transitorily in a tangible storage medium, such as a semiconductor memory device (e.g., a RAM, ROM, PROM, EEPROM, or Flash-Programmable RAM), a magnetic memory device (e.g., a diskette or fixed hard disk), an optical memory device (e.g., a CD-ROM or DVD), a PC card (e.g., PCMCIA card), or other memory device. The computer program and data may be fixed in any form in a signal that is transmittable to a computer using any of various communication technologies, including, but in no way limited to, analog technologies, digital technologies, optical technologies, wireless technologies, networking technologies, and internetworking technologies. The computer program and data may be distributed in any form as a removable storage medium with accompanying printed or electronic documentation (e.g., shrink wrapped software or a magnetic tape), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the communication system (e.g., the Internet or World Wide Web.) It is appreciated that any of the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form. The software components may, generally, be implemented in hardware, if desired, using conventional techniques.

The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices. Practitioners of ordinary skill will recognize that the invention may be executed on one or more computer processors that are linked using a data network, including, for example, the Internet. In another embodiment, different steps of the process can be executed by one or more computers and storage devices geographically separated by connected by a data network in a manner so that they operate together to execute the process steps. In one embodiment, a user's computer can run an application that causes the user's computer to transmit a stream of one or more data packets across a data network to a second computer, referred to here as a server. The server, in turn, may be connected to one or more mass data storage devices where the database is stored. The server can execute a program that receives the transmitted packet and interpret the transmitted data packets in order to extract database query information. The server can then execute the remaining steps of the invention by means of accessing the mass storage devices to derive the desired result of the query. Alternatively, the server can transmit the query information to another computer that is connected to the mass storage devices, and that computer can execute the invention to derive the desired result. The result can then be transmitted back to the user's computer by means of another stream of one or more data packets appropriately addressed to the user's computer. In one embodiment, the relational database may be housed in one or more operatively connected servers operatively connected to computer memory, for example, disk drives. In yet another embodiment, the initialization of the relational database may be prepared on the set of servers and the interaction with the user's computer occur at a different place in the overall process.

It should be noted that the flow diagrams are used herein to demonstrate various aspects of the invention, and should not be construed to limit the present invention to any particular logic flow or logic implementation. The described logic may be partitioned into different logic blocks (e.g., programs, modules, functions, or subroutines) without changing the overall results or otherwise departing from the true scope of the invention. Oftentimes, logic elements may be added, modified, omitted, performed in a different order, or implemented using different logic constructs (e.g., logic gates, looping primitives, conditional logic, and other logic constructs) without changing the overall results or otherwise departing from the true scope of the invention.

The described embodiments of the invention are intended to be exemplary and numerous variations and modifications will be apparent to those skilled in the art. All such variations and modifications are intended to be within the scope of the present invention as defined in the appended claims. Although the present invention has been described and illustrated in detail, it is to be clearly understood that the same is by way of illustration and example only, and is not to be taken by way of limitation. It is appreciated that various features of the invention which are, for clarity, described in the context of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable combination.

The foregoing description discloses only exemplary embodiments of the invention. Modifications of the above disclosed apparatus and methods which fall within the scope of the invention will be readily apparent to those of ordinary skill in the art. Accordingly, while the present invention has been disclosed in connection with exemplary embodiments thereof, it should be understood that other embodiments may fall within the spirit and scope of the invention as defined by the following claims. 

1-6. (canceled)
 7. A method executed by a computer system for automatically managing the movement of document files from a first document file storage system comprised of a first computer to a second document file storage system external to the first comprised of a second computer comprising: opening a file open type dialog on a user interface displayed by a computer operated by a user operatively connected to the first computer comprising the first document file storage system; receiving a first set of at least one parameter defining metadata associated with the document file and storing the received at least one parameter in a data structure corresponding to the document file, the data structure residing on the first document file storage system; automatically generating a second set of at least one parameters defining metadata associated with the document file; transmitting to the second document file storage system the second set of at least one parameters; storing the document file on the second document file storage system; and updating the data structure residing on the first document file storage system corresponding to the document file with data representing an identity of the second file document storage system.
 8. The method of claim 7, further comprising storing in the data structure on the first document file storage system data representing a mapping of attributes of a first organization paradigm associated with the first document file storage system to attributes of a second organization paradigm associated with the second document file storage system.
 9. The method of claim 7, further comprising updating the data structure associated with the document file with data representing an identity of a user operating the first computer and inputting the first parameter set.
 10. The method of claim 7 further comprising updating the data structure associated with the document file with data representing a time value when the storage on the second document file storage system occurred.
 11. The method of claim 7, further comprising storing a copy of the document file on a storage location internal to the first document file storage system.
 12. The method of claim 7, wherein the opening of the file open type dialog is initiated by intercepting a first file open type process of a first program application and re-directing control of the system to a second program that executes a second file open type process.
 13. The method of claim 7, further comprising operating a document security policy check process against the file prior to transmitting the document file to the second storage system.
 14. The method of claim 13, further comprising, based on the result of the security policy check process, converting the document file from a first format to a second format.
 15. The method of claim 13, further comprising, based on the result of the security policy check process, removing hidden metadata or comment data from the document file.
 16. The method of claim 13, further comprising, based on the result of the security policy check process, modifying the document file to remove or obscure confidential information.
 17. The method of claim 13, further comprising, based on the result of the security policy check process, preventing the storage of the document file on the external system.
 18. The method of claim 17, wherein the security policy check is comprised of inspecting the metadata attributes of the document file.
 19. The method of claim 17, wherein the security policy check includes inspecting a context derived from the first document file storage system that prohibits the file from being transmitted outside the perimeter of the first document file storage system.
 20. The method of claim 7, wherein the storing of the document on the second document file storage system includes of transmitting data embodying the document file.
 21. The method of claim 7, wherein the storing of the document on the second document file storage system includes transmitting data representing a logical pointer to the document file.
 22. The method of claim 7, wherein the second file open type dialog is executed by an Internet browser operating a plug-in program.
 23. The method of claim 7, wherein the second file open type dialog is executed by an Internet browser operating an extension.
 24. The method of claim 7, wherein the second file open type dialog is executed by replacing or modifying an operating system file selection dialog process resident on the first computer.
 25. The method of claim 7, further comprising: receiving data input that selects the document file; intercepting the process after selection of the document file has been input; running a security protocol program on the selected document file; and based on the security protocol program result, passing the file or a pointer to the file to the file open dialog process.
 26. The method of claim 25, further comprising copying the document file represented by the data input that selects the document file to a temporary location in the first document file storage system and performing the running a security protocol step on the stored copy of the document file. 